“Maybe stories are just data with a soul.”

Brené Brown


Record Keeping


Rules of Data Protection

Data Protection People


Rules on data protection may change from time to time.  If you have a specific query, it is advisable to check the website of the Data Protection Commissioner for the most up to date information. The website address is: 



At the time of writing, the following represent some of the key principles around Data Protection: 

The 8 Rules of Data Protection are as follows:

Fairly obtained

It is a fundamental principle of data protection that if your organisation collects and stores personal information about clients on computer, then that information must be collected fairly and used fairly;

Obtained for a specific purpose

Information obtained from individuals must have a specific and clearly stated purpose. It is not permissible to routinely and indiscriminately gather information about someone without having a legitimate reason for doing so;

Used only for that purpose

If you obtain personal information about someone for a particular purpose, you may not use that information for any other purpose. Neither can you divulge it to a third party unless the person you obtained it from would expect it to be disclosed and used;

Kept secure

The security of personal information is all-important. It will be more significant in some situations than in others, depending upon such matters as confidentiality and sensitivity;

Be accurate and up to date

You must ensure that the personal information you keep is accurate and up-to-date. This means having in place clerical and computer systems to ensure that data is reviewed for accuracy;


The personal data you keep should be sufficient to enable you to achieve your purpose, and no more. You are not justified in collecting or keeping additional or excessive personal information unless it is necessary;

Retained 'as necessary'

Data controllers need to be clear about the length of time for which data will be kept and the reason why the information is being retained. If there is no good reason for retaining personal information, then it should be routinely deleted. It is good practice to regularly review the need to retain records;

Available on request

Following a written request, individuals have a right to access information held about them and are entitled to:-

  • a copy of the data;
  • a description of the purposes for which it is held;
  • a description of those to whom the data may be disclosed and
  • the source of the data unless this would be contrary to public interest